[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard

To: <iesg@xxxxxxxx>, <ietf-smime@xxxxxxx>
Subject: RE: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
From: "Turner, Sean P." <turners@xxxxxxxx>
Date: Thu, 13 Nov 2008 13:05:02 -0500
In-reply-to: <20081030164211.D60EF3A684F@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Organization: IECA, Inc.
References: <20081030164211.D60EF3A684F@xxxxxxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx
Thread-index: Ack6rtPdEuque2DLR8yPNyX5TMydiwLCQuhA

One thing I noted is that to ensure interoperability of the SHOULD- for the
DH ephemeral-static requirement we need to pick a MUST key wrap algorithm
(note that E-S DH was a SHOULD in RFC 3851 but RFC 3851 did not include
requirements for a key wrap algorithm).  The text should not only indicate
which key wrap algorithms to use but what kind of content encryption keys
the algorithm is "good" for.  I suggest adding the following text to Section
2.3 right after the bullets (all of the references were already normative
references):

When DH ephemeral-static is used, a key wrap algorithm is also specified in
the KeyEncryptionAlgorithmIdentifier [CMS].  When DH ephemeral-static is
used with an AES content encryption algorithm (see Section 2.7), the key
wrap algorithm MUST be an AES key wrap algorithm from [CMSAES].  When DH
ephemeral-static is used with the Triple DES content encryption algorithm
(see Section 2.7), the key wrap algorithm MUST be either Triple DES key wrap
from [CMSALG] or one of the AES key wraps from [CMSAES].  The strength of
the key wrap algorithm MUST be as strong as the content encryption
algorithm:

- The Triple-DES key wrap algorithm can be used with the Triple-DES content
  encryption algorithm,
- The AES 128 key wrap algorithm can be used with The Triple-DES and AES 128
  content encryption algorithms,
- The AES 192 key wrap algorithm can be used with The Triple-DES, AES 128,
  and AES 192 content encryption algorithms,
- The AES 256 key wrap algorithm can be used with The Triple-DES, AES 128,
  AES 192, and AES 256 content encryption algorithms. 

spt 

>-----Original Message-----
>From: ietf-announce-bounces@xxxxxxxx 
>[mailto:ietf-announce-bounces@xxxxxxxx] On Behalf Of The IESG
>Sent: Thursday, October 30, 2008 12:42 PM
>To: IETF-Announce
>Cc: ietf-smime@xxxxxxx
>Subject: Last Call: draft-ietf-smime-3851bis 
>(Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 
>3.2 Message Specification) to Proposed Standard 
>
>The IESG has received a request from the S/MIME Mail Security 
>WG (smime) to consider the following document:
>
>- 'Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 
>   Message Specification '
>   <draft-ietf-smime-3851bis-08.txt> as a Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and 
>solicits final comments on this action.
>
>In particular, the IESG solicits comments on the cryptographic 
>strength requirements specified in section 4.1 through 4.5, 
>and the following statement from Section 6, Security Considerations:
>
>   "Today, 512-bit RSA, DSA and DH keys are considered by many experts
>   to be cryptographically insecure."
>
>These sections allow the continued use of RSA, DSA, and DH key 
>lengths between 512 and 1024 bits.  Given that other 
>organizations are moving to a minimum key length of 2048 bits, 
>the IESG wishes to verify IETF consensus for the cryptographic 
>minimums in this document.
>
>Please send substantive comments to the
>ietf@xxxxxxxx mailing lists by 2008-11-13. Exceptionally, 
>comments may be sent to iesg@xxxxxxxx instead. In either case, 
>please retain the beginning of the Subject line to allow 
>automated sorting.
>
>The file can be obtained via
>http://www.ietf.org/internet-drafts/draft-ietf-smime-3851bis-08.txt
>
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/public/pidtracker.cgi?command=view
>_id&dTag=16577&rfc_flag=0
>
>_______________________________________________
>IETF-Announce mailing list
>IETF-Announce@xxxxxxxx
>https://www.ietf.org/mailman/listinfo/ietf-announce

Follow-Ups:
- RE: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
  - From: Paul Hoffman

References:
- Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
  - From: The IESG

Prev by Date: I-D ACTION:draft-ietf-smime-cms-rsa-kem-06.txt
Next by Date: RE: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
Previous by thread: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
Next by thread: RE: Last Call: draft-ietf-smime-3851bis (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) to Proposed Standard
Index(es):
- Date
- Thread